ICIT Sr. Fellow James Scott and Researcher Drew Spaniel did a thorough job identifying the various pitfalls of cybersecurity and of ensuring that everyone in the organization cares about cyber hygiene and is on top of their game. They offered several good ideas to meet the needs of today’s environment, such as using a digital representation of the one and only identity a user has in order to limit points of entry for adversaries. Additionally, their point that ALL users must adhere to and practice cyber hygiene and best practices is one that seems to escape many organizations. The mind-set that only some of the organization’s users are “privileged users” leaves the organization only partially protected and still vulnerable to regular users leaving the door open or partners and vendors exposing the “keys to the kingdom.”

Scott and Spaniel are spot on when they advocate automating cyber hygiene by automatically limiting access to resources based on each user's role or responsibility. This ensures that insider-threat behavior or uninformed user activity is prevented by the user's role. Coupled with this, the ability to review actual audits of user sessions helps the cyber team understand whether they need to pursue an investigation or send someone back to a cyber hygiene class. Either way, the breach does not happen and policy is automatically re-enforced.

The five main takeaways of this paper are:

Use digital access technologies that limit the one and only access point users have to reach resources

Provide user roles that detail each person’s access and privileges in that role and what time of day, week or month that role is available

Audit user sessions on critical resources at a minimum

Cover your entire risk surface by remembering that ALL users in an organization are privileged users, and provide least access to users based on their role to enforce good cyber hygiene and meet compliance requirements

Centrify CEO Tom Kemp, an industry expert in security and infrastructure software, discusses market and technology issues around the disruption occurring in the Identity and Access Management market due to the cloud, mobile and consumerization of IT trends occurring in today's IT environment.